Date: Fri, 3 Apr 2015 13:07:17 +0200 From: Hanno Böck <hanno@...eck.de> To: oss-security@...ts.openwall.com Subject: Palinopsia bug Hi, As far as I can see this hasn't been posted here yet: https://hsmr.cc/palinopsia/ tl;dr It may be possible to read out parts of previous screen states from the buffer of your graphics card. This can leak data across users, VMs and survives reboots. I'd say these are vulnerabilities in the graphics drivers. It is to be expected that on a multi user system data is not leaked from one account to another (however there are other situations where this also happens, e.g. the fact that on vanilla linux users can see other users processes). A device driver should not leak data across users. (and yes, I know this is not new and has been pointed out before - even more reason to fix it) Redhat bug: https://bugzilla.redhat.com/show_bug.cgi?id=1076240 Haven't found any infos on fixes yet. I think people of affected GPUs (mine isn't) should report these issues as security vulnerabilities to their graphics driver developers. cu, -- Hanno Böck http://hboeck.de/ mail/jabber: hanno@...eck.de GPG: BBB51E42 Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.